Hi, I am trying to add passkeys to my app. According to the sample code, I need to create a passkey and verify it with the server. But what if I make a passkey successfully but fail to finish the server request? The passkey will still be stored in the keychain. Can I delete it programmatically?
Passkeys can't be deleted programmatically, just like a user's passwords. If a user wants to delete their passkey, they can do so in Settings > Passwords.
Passkeys can't be deleted programmatically, just like a user's passwords. If a user wants to delete their passkey, they can do so in Settings > Passwords.
Is it possible to delete passkeys in macOS Ventura? I've been doing some testing with Safari 16 and have dozen or so passkeys that weren't successfully registered on the server. Would be nice to be able to clear them, but I don't see any options for that in macOS Ventura beta 3 (22A5295h).
Just like on iOS, you can delete them in the system password manager. They show up alongside your password-based accosts in System Settings > Passwords.
I understand that a user can delete their own Passkey through Settings, but guideline 5.1.1(v) dictates "apps that support account creation must let users initiate deletion of their account within the app".
As Passkeys, and thus an account, can be generated from within the app - the requirement here means we need to be able to delete them from within the app too. This means programmatically - with validation to ensure we can only delete our own passkeys, and indeed ensuring that the user wants to delete it (with a modal).
Also, with the ability to delete a passkey (and presumably their only way of accessing their account) outside of the app, it leads us with orphaned accounts. Accounts which exist on the server but the user cannot access.
What is the best pattern here?
A passkey is not an account, just like a password is not an account. Both passkeys and passwords are credentials to access an account. If a user deletes their password-based account today, their username and password still remain in their password manager. The same is true for passkeys.
I would echo James' comment/sentiment ... that per the Passkey guidelines, the app MUST provide the end user with a method/mechnism to delete the associated passkey ...
I'm in a situation where I've changed my Apple ID ... the old Apple ID did have a (just 1) passkey associated with developer.apple.com ... once the Apple ID change was complete, I can still login to developer.apple.com, but the authentication splash screen shows my old Apple ID (so the change just isn't clean) ... and I have NO METHOD to delete that passkey
